Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

road to swarm - fixing things

Browse Source
This commit is contained in:
bunkerity 2021-03-12 17:31:26 +01:00
parent 95f7ca5b2d
commit 3591715f21
12 changed files with 57 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
autoconf/AutoConf.py
View File

@ -1,4 +1,5 @@
from Config import Config from Config import Config
import utils
class AutoConf : class AutoConf :
@ -40,9 +41,9 @@ class AutoConf :
def __get_infos(self, obj) : def __get_infos(self, obj) :
if self.__swarm : if self.__swarm :
id = obj["Actor"]["ID"] id = obj.id
name = obj["Actor"]["Attributes"]["name"] name = obj.name
labels = obj.attrs["Spec"]["Labels"] labels = obj.attrs["Spec"]["Labels"]
else : else :
id = obj.id id = obj.id
name = obj.name name = obj.name
@ -51,11 +52,10 @@ class AutoConf :
def __process_instance(self, instance, event, id, name, labels) : def __process_instance(self, instance, event, id, name, labels) :
if event == "create" : if event == "create" :
self.__instances[id] = obj self.__instances[id] = instance
if self.__swarm : if self.__swarm :
if self.__config.global(self.__instances) : if self.__config.globalconf(self.__instances) :
utils.log("[*] global config generated") utils.log("[*] global config generated")
self.__config.reload(self.__instances)
else : else :
utils.log("[!] can't generate global config") utils.log("[!] can't generate global config")
utils.log("[*] bunkerized-nginx instance created : " + name + " / " + id) utils.log("[*] bunkerized-nginx instance created : " + name + " / " + id)
@ -102,7 +102,7 @@ class AutoConf :
if self.__config.deactivate(instances, vars) : if self.__config.deactivate(instances, vars) :
utils.log("[*] Deactivated config for " + vars["SERVER_NAME"]) utils.log("[*] Deactivated config for " + vars["SERVER_NAME"])
else : else :
utils.log("[!] Can't deactivate config for " + vars["SERVER_NAME"])+ utils.log("[!] Can't deactivate config for " + vars["SERVER_NAME"])
del self.__servers[id] del self.__servers[id]
if self.__config.remove(vars) : if self.__config.remove(vars) :
utils.log("[*] Removed config for " + vars["SERVER_NAME"]) utils.log("[*] Removed config for " + vars["SERVER_NAME"])

19
autoconf/Config.py
View File

@ -1,7 +1,7 @@
#!/usr/bin/python3 #!/usr/bin/python3
import utils import utils
import subprocess, shutil, os, traceback import subprocess, shutil, os, traceback, requests
class Config : class Config :
@ -9,21 +9,24 @@ class Config :
self.__swarm = swarm self.__swarm = swarm
self.__api = api self.__api = api
def global(self, instances) : def globalconf(self, instances) :
try : try :
for instance_id, instance in instances.items() : for instance_id, instance in instances.items() :
env = instance.attrs["Spec"]["TaskTemplate"]["ContainerSpec"]["Env"] env = instance.attrs["Spec"]["TaskTemplate"]["ContainerSpec"]["Env"]
break break
vars vars = {}
for var_value in env : for var_value in env :
var = var_value.split("=")[0] var = var_value.split("=")[0]
value = var_value.replace(var + "=", "", 1) value = var_value.replace(var + "=", "", 1)
vars[var] = value vars[var] = value
proc = subprocess.run(["/opt/entrypoint/global-config"], vars["SERVER_NAME"]], env=vars, capture_output=True) proc = subprocess.run(["/opt/entrypoint/global-config.sh"], env=vars, capture_output=True)
return proc.returncode == 0 if proc.returncode == 0 :
with open("/etc/nginx/autoconf", "w") as f :
f.write("ok")
return True
except Exception as e : except Exception as e :
traceback.print_exc() traceback.print_exc()
utils.log("[!] Error while generating config : " + str(e)) utils.log("[!] Error while generating global config : " + str(e))
return False return False
def generate(self, instances, vars) : def generate(self, instances, vars) :
@ -49,7 +52,7 @@ class Config :
return proc.returncode == 0 return proc.returncode == 0
except Exception as e : except Exception as e :
traceback.print_exc() traceback.print_exc()
utils.log("[!] Error while generating config : " + str(e)) utils.log("[!] Error while generating site config : " + str(e))
return False return False
def activate(self, instances, vars) : def activate(self, instances, vars) :
@ -110,7 +113,7 @@ class Config :
nodeID = task["NodeID"] nodeID = task["NodeID"]
taskID = task["ID"] taskID = task["ID"]
fqdn = name + "." + nodeID + "." + taskID fqdn = name + "." + nodeID + "." + taskID
req = requests.post("http://" + fqdn + ":8080" + api + "/reload") req = requests.post("http://" + fqdn + ":8080" + self.__api + "/reload")
if req and req.status_code == 200 : if req and req.status_code == 200 :
utils.log("[*] Sent reload order to instance " + fqdn + " (service.node.task)") utils.log("[*] Sent reload order to instance " + fqdn + " (service.node.task)")
else : else :

8
autoconf/Dockerfile
View File

@ -1,7 +1,11 @@
FROM nginx:stable-alpine AS builder
FROM alpine FROM alpine
COPY --from=builder /etc/nginx/ /opt/confs/nginx
RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \ RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
pip3 install docker && \ pip3 install docker requests && \
mkdir /opt/entrypoint && \ mkdir /opt/entrypoint && \
mkdir -p /opt/confs/site && \ mkdir -p /opt/confs/site && \
mkdir -p /opt/confs/global mkdir -p /opt/confs/global
@ -12,6 +16,4 @@ COPY entrypoint/* /opt/entrypoint/
COPY autoconf/* /opt/entrypoint/ COPY autoconf/* /opt/entrypoint/
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
VOLUME /etc/nginx /etc/letsencrypt
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"] ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

12
autoconf/Dockerfile-amd64
View File

@ -1,18 +1,16 @@
FROM amd64/alpine FROM amd64/alpine
RUN apk add py3-pip apache2-utils bash && \ RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
pip3 install docker && \ pip3 install docker requests && \
mkdir /opt/entrypoint && \ mkdir /opt/entrypoint && \
mkdir -p /opt/confs/site mkdir -p /opt/confs/site && \
mkdir -p /opt/confs/global
COPY confs/site/ /opt/confs/site COPY confs/site/ /opt/confs/site
COPY entrypoint/* /opt/entrypoint/ COPY entrypoint/* /opt/entrypoint/
COPY autoconf/* /opt/entrypoint/ COPY autoconf/* /opt/entrypoint/
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
# Fix CVE-2020-1971
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
VOLUME /etc/nginx VOLUME /etc/nginx
ENTRYPOINT ["/opt/entrypoint/entrypoint.py"] ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

12
autoconf/Dockerfile-arm32v7
View File

@ -7,19 +7,17 @@ FROM arm32v7/alpine
COPY --from=builder qemu-arm-static /usr/bin COPY --from=builder qemu-arm-static /usr/bin
RUN apk add py3-pip apache2-utils bash && \ RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
pip3 install docker && \ pip3 install docker requests && \
mkdir /opt/entrypoint && \ mkdir /opt/entrypoint && \
mkdir -p /opt/confs/site mkdir -p /opt/confs/site && \
mkdir -p /opt/confs/global
COPY confs/site/ /opt/confs/site COPY confs/site/ /opt/confs/site
COPY entrypoint/* /opt/entrypoint/ COPY entrypoint/* /opt/entrypoint/
COPY autoconf/* /opt/entrypoint/ COPY autoconf/* /opt/entrypoint/
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
# Fix CVE-2020-1971
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
VOLUME /etc/nginx VOLUME /etc/nginx
ENTRYPOINT ["/opt/entrypoint/entrypoint.py"] ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

12
autoconf/Dockerfile-arm64v8
View File

@ -7,19 +7,17 @@ FROM arm64v8/alpine
COPY --from=builder qemu-aarch64-static /usr/bin COPY --from=builder qemu-aarch64-static /usr/bin
RUN apk add py3-pip apache2-utils bash && \ RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
pip3 install docker && \ pip3 install docker requests && \
mkdir /opt/entrypoint && \ mkdir /opt/entrypoint && \
mkdir -p /opt/confs/site mkdir -p /opt/confs/site && \
mkdir -p /opt/confs/global
COPY confs/site/ /opt/confs/site COPY confs/site/ /opt/confs/site
COPY entrypoint/* /opt/entrypoint/ COPY entrypoint/* /opt/entrypoint/
COPY autoconf/* /opt/entrypoint/ COPY autoconf/* /opt/entrypoint/
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
# Fix CVE-2020-1971
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
VOLUME /etc/nginx VOLUME /etc/nginx
ENTRYPOINT ["/opt/entrypoint/entrypoint.py"] ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

12
autoconf/Dockerfile-i386
View File

@ -1,18 +1,16 @@
FROM i386/alpine FROM i386/alpine
RUN apk add py3-pip apache2-utils bash && \ RUN apk add py3-pip apache2-utils bash certbot curl logrotate && \
pip3 install docker && \ pip3 install docker requests && \
mkdir /opt/entrypoint && \ mkdir /opt/entrypoint && \
mkdir -p /opt/confs/site mkdir -p /opt/confs/site && \
mkdir -p /opt/confs/global
COPY confs/site/ /opt/confs/site COPY confs/site/ /opt/confs/site
COPY entrypoint/* /opt/entrypoint/ COPY entrypoint/* /opt/entrypoint/
COPY autoconf/* /opt/entrypoint/ COPY autoconf/* /opt/entrypoint/
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
# Fix CVE-2020-1971
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
VOLUME /etc/nginx VOLUME /etc/nginx
ENTRYPOINT ["/opt/entrypoint/entrypoint.py"] ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]

2
autoconf/app.py
View File

@ -1,7 +1,7 @@
#!/usr/bin/python3 #!/usr/bin/python3
from AutoConf import AutoConf from AutoConf import AutoConf
import utils, config import utils
import docker, os, stat, sys import docker, os, stat, sys
# Connect to the endpoint # Connect to the endpoint

2
autoconf/entrypoint.sh
View File

@ -2,6 +2,8 @@
echo "[*] Starting autoconf ..." echo "[*] Starting autoconf ..."
cp /opt/confs/nginx/* /etc/nginx
# trap SIGTERM and SIGINT # trap SIGTERM and SIGINT
function trap_exit() { function trap_exit() {
echo "[*] Catched stop operation" echo "[*] Catched stop operation"

4
confs/global/api.conf
View File

@ -1,9 +1,9 @@
set api_uri "%API_URI%";
rewrite_by_lua_block { rewrite_by_lua_block {
local api = require "api" local api = require "api"
ngx.var.api_uri = "%API_URI%
if api.is_api_call() then if api.is_api_call() then
ngx.header.content_type = 'text/plain' ngx.header.content_type = 'text/plain'
if api.do_api_call() then if api.do_api_call() then

4
entrypoint/entrypoint.sh
View File

@ -103,7 +103,7 @@ rsyslogd
crond crond
# wait until config has been generated if we are in swarm mode # wait until config has been generated if we are in swarm mode
if [ "$SWARM_MODE" != "yes" ] ; then if [ "$SWARM_MODE" = "yes" ] ; then
echo "[*] Waiting until config has been generated ..." echo "[*] Waiting until config has been generated ..."
while [ ! -f "/etc/nginx/autoconf" ] ; do while [ ! -f "/etc/nginx/autoconf" ] ; do
sleep 1 sleep 1
@ -112,7 +112,7 @@ fi
# stop temp config if needed # stop temp config if needed
if [ -f "/tmp/nginx-temp.pid" ] ; then if [ -f "/tmp/nginx-temp.pid" ] ; then
nginx -c /etc/nginx/nginx-temp.conf -s quit nginx -c /tmp/nginx-temp.conf -s quit
fi fi
# run nginx # run nginx

7
entrypoint/logs.sh
View File

@ -1,5 +1,12 @@
#!/bin/bash #!/bin/bash
# load default values
. /opt/entrypoint/defaults.sh
# load some functions
. /opt/entrypoint/utils.sh
# copy stub confs
cp /opt/logs/rsyslog.conf /etc/rsyslog.conf cp /opt/logs/rsyslog.conf /etc/rsyslog.conf
cp /opt/logs/logrotate.conf /etc/logrotate.conf cp /opt/logs/logrotate.conf /etc/logrotate.conf